The risk must be manually downloaded and executed.
It may be stored in the following location:
When executed, the program lists the hash values for sessions of Microsoft LanManager and Windows NT.
The program can also add, change, and delete any associated credentials.
You can configure the action or actions that scans should take when they make a detection. Each scan has its own set of actions, such as Clean, Quarantine, Delete, or Leave alone (log only).
For more information, please see the following resource:
Changing the action that Symantec Endpoint Protection takes when it makes a detection